Version 4.2.0 is a BuddyPress maintenance and security release. It was released on April 25, 2019. 3 bugs were fixed and 9 security issues were addressed.
For version 4.3.0, the database version (
wp_options) was 11105, and the Trac revision was r12388.
- Blogs: Fix bug that caused wp-signup.php links not to be redirected in all cases. (#6178)
- Templates: Add missing PHP delimiters from Nouveau template. (#8085)
- Templates: Fix directory filtering regression introduced in BP 4.2.0. (#8064, #8067)
- Security: Prevent access to activity items in hidden groups via “favorite” feature.
- Security: Prevent access to group join mechanism by unauthorized users.
- Security: Prevent replies to activity items in non-public groups by unauthorized users in Nouveau.
- Security: Prevent unauthorized access to message threads via AJAX query manipulation in Nouveau.
- Security: Prevent XSS via group names.
- Security: Prevent XSS in activity content.
- Security: Prevent privilege escalation when editing group details.
- Security: Prevent unauthorized read access to pending group invitations.
- Security: Prevent unauthorized group invitation deletion in Nouveau.
The detailed list of changes for this release are available at BuddyPress Trac. See milestone 4.3.0.